DLP Quick Start


TRITON - Email Security is automatically configured to work with TRITON - Data Security. The Email Security module registers with the Data Security Management Server when you install it, and Data Security policies are enabled by default in TRITON - Email Security.

Important: You must click Deploy in TRITON - Data Security to complete the registration process.

A quick-start data loss prevention (DLP) policy is provided; you just need to configure it.

To get started with your DLP policy:

1. Define user directories for Data Security users and other policy resources such as devices and networks. (See Configuring user directory server settings.)
2. Set up properties for alerts. (See Setting up properties.)
3. Select and enable the attributes to monitor in outgoing messages, for example message size or attachment type. Configure properties for those attributes. When the settings you configure are matched, the policy is triggered. (See Select the attributes to monitor for outbound and inbound email.)
4. Select and enable the attributes to monitor in inbound messages, for example questionable images. Configure properties for those attributes.

Note: If you want to monitor internal messages, you must create a custom policy. On the Destination tab of the policy wizard, select Network or Endpoint, then select Direction > Internal.

5. Identify an owner or owners for the policy. See Defining policy owners for instructions.

6. Identify trusted domains, if any. See Identifying trusted domains for more information.

Note: You cannot delete or rename your policy, but you can enable or disable attributes. In this section, you define inbound and outbound attributes. You define Internal DLP through the custom policy wizard.

7. Deploy your settings. (See Deploying your settings.)

Configuring user directory server settings

To resolve user details during analysis and enhance the details displayed in reporting, you first need to configure user directory server settings.

In the TRITON Console, you define the LDAP user directory to use when adding and authenticating TRITON administrators with network accounts. (Select TRITON Settings from the TRITON toolbar, then select User Directories.)

On the Data Security tab, you define the user directory to use for Data Security users and other policy resources such as devices and networks.

1. Select Settings > General > System.
2. Click the User Directories option in the System pane.
3. Click New in the toolbar.
4. In the Add User Directory Server screen, complete the following fields:

Name: Enter a name for the user directory server.
Type: Select the type of directory from the pull-down menu: Active Directory, Domino, ADAM, or CSV file.

Connection Settings

IP address or host name: Enter the IP address or host name of the user directory server.
Port: Enter the port number of the user directory server.
User distinguished name: Enter a user name that has access to the directory server.
Password: Enter the password for this user name.

Root naming context: Optionally, enter the root naming context that Websense Data Security should use to search for user information. If you supply a value, it must be a valid context in your domain. If the Root naming context field is left blank, Data Security begins searching at the top level of the directory service.
Use SSL encryption: Select this box if you want to connect to the directory server using Secure Sockets Layer (SSL) encryption.
Follow referrals: Select Follow referrals if you want Websense Data Security to follow server referrals should they exist. A server referral is when one server refers to another for programs or data.
Test Connection: Click this button to test your connection to the user directory server.

Directory usage

Get additional user attributes: Select this box if you want to retrieve additional user attributes from the directory server.
Attributes to retrieve: Enter the user attributes that you want TRITON - Data Security to collect for all users (comma separated).
Sample address: Enter a valid address with which you can perform a test.
Test Attributes: Click Test Attributes to retrieve user information on the address you supplied.
View Results: Click View Results to check the user information that was imported. View Results retrieves and displays the data entered in the Sample address field.

5. Click OK to save your changes.

Note: If you select CSV as the file type in the Add User Directory Server screen, you won't see the IP address, port, and SSL fields. You need to supply the full path for the CSV files, along with a user name and password. The Test Connection functionality is the same. There are no Directory usage fields associated with CSV files.

Setting up properties

Set up the properties, such as SMTP mail server, to be used for system alerts.

1. Select Settings > General > System.

2. Select the Alerts option in the System pane.
3. On the General tab, select the conditions on which you want to trigger alerts.
4. On the Properties tab, complete the fields as follows:

Sender name: When an alert is sent to administrators, from whom should it be coming?
Sender address: Enter the address of the person from whom the alert is coming.

5. To define or edit the Outgoing mail server, click Edit (the pencil icon). Complete the fields as follows:

IP address or host name: Enter the IP address or host name of the outgoing SMTP mail server to use for scheduled alert notifications.
Port: Enter the port number of the mail server to use.

6. Complete the remaining fields as follows:

Subject: Enter a subject for alerts. Click the right-arrow to select a variable to include in the subject, such as %Severity%.
Recipients: Click Edit to select the recipients to whom alerts should be sent.

7. Click OK to save your changes.

Note: The same outgoing mail server is used for alerts, notifications, and scheduled tasks. The settings you use here apply to the other cases, and if you change the settings for one, it affects the others.

Select the attributes to monitor for outbound and inbound email

Configure the attributes that you want to monitor for outbound and inbound messages.

1. In TRITON - Data Security, select Main > Policy Management > DLP Policies > DLP Policy.

2. On the Outbound tab, check one or more attributes to include in the policy for outbound messages. To define properties for an attribute, highlight it and enter information in the right pane. (Refer to the following table for a description of each attribute.)

   a. If you want to send notifications when there is a violation of a particular attribute setting, select the Send Notification check box. You can configure who receives the notifications by clicking the name of the notification, policy violation. Click this option to define the mail server, subject, and message body, as well as other required properties. By default, for inbound messages, policy owners receive notifications. For outbound messages, both policy owners and message senders receive them.

   b. For each attribute, indicate how severe a breach would be (low, medium, or high severity), and what action should be taken if a breach is detected. The default severity levels and available actions are shown below for each attribute.

Message size

Select the size of messages to monitor. For example, choose 25 MB if you want Data Security to analyze and enforce messages exceeding 25 MB, but you're not concerned about messages smaller than 25 MB, even if there is a match. The default size is 10 MB.
Available actions: quarantine (default), permit.

Regulatory & compliance

Select the regulatory and compliance rules you need to enforce. These are applied to the regions you selected with the regulatory & compliance option.
   Personally Identifiable Information (PII)
   Private Health Information (PHI)
   Payment Card Industry (PCI)
If you have not selected regions, an error pops up. Click Select regions to fix this.
Default severity: high.
Available actions: quarantine (default), permit.

Attachment name

One by one, enter the names of the exact files that should be monitored when they're attached to an email message. Include the filename and extension. Click Add after each entry. For example, add the file named confidential.docx. When that file is attached to an email message, Data Security detects it and either permits or blocks the message, or drops the attachment and sends the remaining message.
Note that Drop Attachments applies only to the TRITON - Email Security module. If your email is being monitored by the protector or SMTP agent and you select this option, it will be quarantined when a policy is triggered.
Available actions: quarantine, permit, drop attachments (default).

Attachment type

Click Add to specify the types of files that should be monitored when attached to an email message, for example Microsoft Excel files. From the resulting dialog box, select the type or types of files to monitor. If there are more file types than can appear on the page, enter search criteria to find the file type you want. Data Security searches in the file type group, description, and file type for the data you enter. If the file type does not exist, specify exact files of this type using the Attachment name attribute instead.
Available actions: quarantine, permit, drop attachments (default).
Note: Drop Attachments applies only to the TRITON - Email Security module. If your email is being monitored by the protector or SMTP agent and you select this option, it will be quarantined when a policy is triggered.

Patterns & phrases

Click Add to define key phrases or regular expression (RegEx) patterns that should be monitored. RegEx patterns are used to identify alphanumeric strings of a certain format.
On the resulting dialog box, enter the precise phrase (for example, Internal Only) or RegEx pattern (for example ~ m/h.?e/) to include.
Select how many phrase matches must be made for the policy to trigger. The default number of matches is 1.
Define whether to search for the phrase or RegEx pattern in all fields, or in one or more specific fields. For example, you may want to search only in an attachment, or skip searching in To and CC fields.
Default severity: medium.
Available actions: quarantine (default), permit.
Note: Although you do not define whether to search for only unique strings, the system will use the following defaults:
   Key phrase: non-unique - all matches will be reported.
   Regular expression: unique - only unique matches will be reported as triggered values.

Acceptable use

Select the dictionaries that define unacceptable use in your organization. For example, if you want to prevent adult language from being exchanged by email, select Adult.
Data Security includes dictionaries in 9 languages. Select the languages to enforce. Only terms in these languages are considered a match. For example, if you select the Adult dictionary and Hebrew, adult terms in English are not considered an incident.
Note that false positives (unintended matches) are more likely to occur when you select multiple languages. For this reason, exercise caution when selecting the languages to enforce.
You cannot add or delete terms from predefined dictionaries, but you can exclude them from detection if you are getting unintended matches. Select Main > Content Classifiers > Patterns & Phrases, select the dictionary to edit, then enter the phrases to exclude.
By default the policy is triggered by a single match from the dictionary or dictionaries you select.
Default severity: medium.
Available actions: quarantine (default), permit.

Questionable images

Select this attribute to prevent pornographic images from entering your organization. (This feature requires a special Data Security Image Analysis subscription.) Pornographic images pose a legal liability to organizations in many countries. Data Security judges images based on the amount of flesh tone they contain.
Available actions: quarantine, permit, drop attachments (default).

Number of attachments

Specify the number of attachments to detect. Email messages with this number of attachments (or more) trigger the policy. The default number of attachments is 20.
Available actions: quarantine (default), permit.

Number of destination domains

This option is available for outbound messages only. Sometimes you may want to block messages sent to multiple destination domains, because this may indicate spam.
Specify the number of destination domains to detect. Email messages sent to this number of domains (or more) trigger the policy. The default number of domains is 25.
Also, select which fields to monitor (To, Cc, Bcc). To and Cc are selected by default.
Available actions: quarantine (default), permit.

3. Click the Inbound tab and repeat step 2 to define the attributes to include in the policy for inbound messages. Note that number of destination domains does not apply to inbound messages.
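The attribute settings described above, modelled in Python as an added example; this is not Websense code and not part of the original guide. The POLICY layout, the function names and the sample message are constructed for illustration, the thresholds are the guide's defaults, and comparing the match threshold with the reported values is an assumption.

```python
# Added example: a toy model of the quick-start attribute checks, not Websense code.
import re
from email.message import EmailMessage
from email.utils import getaddresses

MB = 1024 * 1024
# Thresholds are the guide's defaults; this dict layout is an assumption.
POLICY = {
    "message_size_mb": 10,                      # triggers when the size is exceeded
    "attachment_names": {"confidential.docx"},  # exact file name and extension
    "max_attachments": 20,                      # triggers at this number or more
    "max_domains": 25,                          # triggers at this number or more
    "domain_fields": ("To", "Cc"),              # Bcc is not selected by default
    "phrases": ["Internal Only"],               # key phrase: all matches reported
    "regexes": [r"h.?e"],                       # regex: unique matches reported
    "min_matches": 1,
}

def evaluate(msg, policy=POLICY):
    """Return {attribute name: triggered values} for one EmailMessage."""
    hits = {}
    size = len(msg.as_bytes())
    if size > policy["message_size_mb"] * MB:
        hits["Message size"] = [size]
    names = [a.get_filename() or "" for a in msg.iter_attachments()]
    named = [n for n in names if n in policy["attachment_names"]]
    if named:
        hits["Attachment name"] = named
    if len(names) >= policy["max_attachments"]:
        hits["Number of attachments"] = [len(names)]
    # Count distinct recipient domains in the monitored header fields only.
    values = [str(v) for f in policy["domain_fields"] for v in msg.get_all(f, [])]
    domains = sorted({a.rsplit("@", 1)[1].lower()
                      for _, a in getaddresses(values) if "@" in a})
    if len(domains) >= policy["max_domains"]:
        hits["Number of destination domains"] = domains
    # This model searches the plain-text body only (the product can search other fields).
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    found = []
    for phrase in policy["phrases"]:
        found += re.findall(re.escape(phrase), text)     # every occurrence
    for pattern in policy["regexes"]:
        found += sorted(set(re.findall(pattern, text)))  # de-duplicated
    # Assumption: the match threshold is compared with the reported values.
    if len(found) >= policy["min_matches"]:
        hits["Patterns & phrases"] = found
    return hits

def sample_message():
    """Constructed outbound message used to exercise the checks."""
    m = EmailMessage()
    m["From"] = "alice@corp.example"
    m["To"] = "bob@partner.example, carol@other.example"
    m["Cc"] = "dave@partner.example"
    m["Bcc"] = "eve@hidden.example"
    m["Subject"] = "Q3 plan"
    m.set_content("Internal Only. See the plan; share the file. "
                  "Internal Only until release.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="confidential.docx")
    return m

if __name__ == "__main__":
    for attribute, values in evaluate(sample_message()).items():
        print(attribute, "->", values)
```

With the default settings the sample triggers only Attachment name and Patterns & phrases: the key phrase is reported twice, while the pattern that matches twice in the body is reported once.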

Defining policy owners

Policy owners can view and modify a policy and, if configured, receive notifications of breaches. Notifications must be enabled in one or more of the policy's attributes for notifications to be sent.

To define an owner or owners for this DLP policy:

1. Select the Policy Owners tab.
2. Click Edit.
3. Select one or more owners from the resulting box.
4. Click OK.

If you would like notifications to be sent to policy owners:

1. Select Main > Policy Management > Resources.
2. Click Notifications in the Remediation section of the page.
3. Select an existing notification or click New to create a new one.
4. Under Recipients, select Additional addresses.
5. Click the right arrow, then select the variable %Policy Owners%.
6. Click OK.

Identifying trusted domains

Trusted domains are, simply, those that you trust, such as the domain of a company you just acquired. Trusted domains do not need to be monitored, so they do not get analyzed by Data Security.

Note: Trusted domains apply to outbound traffic only.

If you have domains that you do not want enforced:

1. On the Outbound tab, select Enable trusted domains.
2. Click Edit.
3. Browse for the domain or domains you trust.
4. Click OK.

Deploying your settings

The settings you configured in this chapter must be deployed to the Email Security module and other system components to begin monitoring your email.

To deploy settings:

1. Click OK on the DLP policy page.
2. Click Deploy in the TRITON - Data Security toolbar.

Your DLP policy is now functioning!
